On December 11, 2024, Juniper Networks identified a security breach where multiple customers' Session Smart Router (SSR) products running default passwords were compromised. The attackers leveraged the devices to conduct Distributed Denial-of-Service (DDoS) attacks as part of the Mirai botnet's activity. This security event resulted in unusual network behavior, including port scanning, failed SSH logins, spikes in traffic, and connections from known malicious IP addresses. Juniper Networks has issued recommendations to customers for strengthening security practices and mitigating future risks. This incident underscores the importance of strong password policies and regular security monitoring to prevent exploitation of network devices. No data leaks or critical threats to personal, financial, or regional economic security were reported.
Source: https://securityaffairs.com/172157/malware/juniper-networks-mirai-botnet.html
TPRM report: https://scoringcyber.rankiteo.com/company/juniper-networks
"id": "jun000122224",
"linkid": "juniper-networks",
"type": "Cyber Attack",
"date": "12/2024",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Networking and Cybersecurity',
'name': 'Juniper Networks',
'type': 'Company'}],
'attack_vector': 'Default Passwords',
'customer_advisories': ['Issued recommendations to customers'],
'date_detected': '2024-12-11',
'description': 'On December 11, 2024, Juniper Networks identified a security '
"breach where multiple customers' Session Smart Router (SSR) "
'products running default passwords were compromised. The '
'attackers leveraged the devices to conduct Distributed '
'Denial-of-Service (DDoS) attacks as part of the Mirai '
"botnet's activity. This security event resulted in unusual "
'network behavior, including port scanning, failed SSH logins, '
'spikes in traffic, and connections from known malicious IP '
'addresses. Juniper Networks has issued recommendations to '
'customers for strengthening security practices and mitigating '
'future risks. This incident underscores the importance of '
'strong password policies and regular security monitoring to '
'prevent exploitation of network devices. No data leaks or '
'critical threats to personal, financial, or regional economic '
'security were reported.',
'impact': {'operational_impact': ['Unusual network behavior',
'Port scanning',
'Failed SSH logins',
'Spikes in traffic',
'Connections from known malicious IP '
'addresses'],
'systems_affected': ['Session Smart Router (SSR) products']},
'initial_access_broker': {'entry_point': 'Default Passwords'},
'lessons_learned': ['Importance of strong password policies',
'Regular security monitoring'],
'motivation': 'Conduct DDoS Attacks',
'post_incident_analysis': {'corrective_actions': ['Strengthening security '
'practices',
'Regular security '
'monitoring'],
'root_causes': ['Weak Password Policies']},
'recommendations': ['Strengthening security practices',
'Mitigating future risks'],
'response': {'communication_strategy': ['Issued recommendations to customers'],
'enhanced_monitoring': ['Regular security monitoring'],
'remediation_measures': ['Strengthening security practices',
'Mitigating future risks']},
'threat_actor': 'Mirai Botnet',
'title': 'Juniper Networks SSR Compromise',
'type': 'DDoS Attack',
'vulnerability_exploited': 'Weak Password Policies'}